wip: r/k8s-worker: Use K8s API to create join token

2025-06-29 17:19:58 -05:00 · 2025-06-29 17:19:58 -05:00 · 0a0ff374f2
parent a399591f16
commit 0a0ff374f2
1 changed files with 113 additions and 20 deletions
--- a/roles/k8s-worker/tasks/main.yml
+++ b/roles/k8s-worker/tasks/main.yml
@ -6,25 +6,118 @@
  tags:
  - kubeadm-join
- name: generate bootstrap token
+- name: add node to cluster
-  delegate_to: '{{ groups["k8s-controller"][0] }}'
+  #when:
-  command:
+  #  not stat_kublet_config.stat.exists
    kubeadm token create
    --kubeconfig /etc/kubernetes/admin.conf
    --ttl 1h
    --print-join-command
  when:
    not stat_kublet_config.stat.exists
  changed_when: true
  register: kubeadm_token_create
  tags:
  - bootstrap-token
  - kubeadm-join
 - name: join the kubernetes cluster
  command: >-
    {{ kubeadm_token_create.stdout }}
  when:
    not stat_kublet_config.stat.exists
  changed_when: true
  tags:
  - kubeadm-join
  block:
  - name: generate bootstrap token
    set_fact:
      bootstrap_token_id: >-
        {{ lookup("password", "/dev/null length=6 chars=ascii_lowercase,digits") }}
      bootstrap_token_secret: >-
        {{ lookup("password", "/dev/null length=16 chars=ascii_lowercase,digits") }}
      cacheable: false
    tags:
    - bootstrap-token
  - name: create bootstrap token secret
    delegate_to: localhost
    become: false
    kubernetes.core.k8s:
      definition:
        apiVersion: v1
        kind: Secret
        type: bootstrap.kubernetes.io/token
        metadata:
          name: bootstrap-token-{{ bootstrap_token_id }}
          namespace: kube-system
        stringData:
          description: Bootstrap token for {{ inventory_hostname }}
          token-id: '{{ bootstrap_token_id }}'
          token-secret: '{{ bootstrap_token_secret }}'
          expiration: >-
            {{ now().utcfromtimestamp(
                 now().timestamp() + 300
               ).strftime("%Y-%m-%dT%H:%M:%SZ")
            }}
          usage-bootstrap-authentication: 'true'
          usage-bootstrap-signing: 'true'
          auth-extra-groups: 'system:bootstrappers:kubeadm:default-node-token'
    tags:
    - bootstrap-token
  - name: get cluster info
    delegate_to: localhost
    become: false
    kubernetes.core.k8s:
      namespace: kube-public
      api_version: v1
      kind: ConfigMap
      name: cluster-info
    register: cluster_info
    tags:
    - cluster-info
  - name: generate kubeconfig for kubeadm join
    vars:
      kubeconfig: '{{ cluster_info.result.data.kubeconfig | from_yaml }}'
      config:
        apiVersion: v1
        kind: Config
        clusters:
        - name: kubernetes
          cluster: '{{ kubeconfig.clusters[0].cluster }}'
        contexts:
        - name: kubeadm
          context:
            cluster: kubernetes
            user: kubeadm
        users:
        - name: kubeadm
          token: '{{ bootstrap_token_id }}.{{ bootstrap_token_secret }}'
    copy:
      dest: /tmp/kubeconfig
      owner: root
      group: root
      mode: u=rw,go=
      content: '{{ config | to_nice_yaml(indent=2) }}'
    tags:
    - kubeconfig
  - name: generate join configuration file
    vars:
      config:
        apiVersion: kubeadm.k8s.io/v1beta3
        kind: JoinConfiguration
        nodeRegistration:
          kubeletExtraArgs:
            config: /var/lib/kubelet/config.yaml
        discovery:
          file:
            kubeConfigPath: /tmp/kubeconfig
    copy:
      dest: /tmp/joinconfiguration
      owner: root
      group: root
      mode: u=rw,go=
      content: '{{ config | to_nice_yaml(indent=2) }}'
  - name: join the kubernetes cluster
    command: >-
      kubeadm join --config=/tmp/joinconfiguration
    changed_when: true
    tags:
    - run-kubeadm-join
 - name: ensure temporary join configuration files are removed
  file:
    path: '{{ item }}'
    state: absent
  loop:
  - /tmp/kubeconfig
  - /tmp/joinconfiguration
  tags:
  - kubeadm-join-cleanup
  - cleanup